package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal;

import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
import org.apache.jackrabbit.guava.common.collect.Iterators;
import org.apache.jackrabbit.guava.common.collect.Maps;
import org.apache.jackrabbit.guava.common.collect.UnmodifiableIterator;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.AutoMembershipConfig;
import org.apache.jackrabbit.oak.spi.security.principal.GroupPrincipals;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipPrincipals.class */
final class AutoMembershipPrincipals {
    private static final Logger log = LoggerFactory.getLogger(AutoMembershipPrincipals.class);
    private final UserManager userManager;
    private final Map<String, String[]> autoMembershipMapping;
    private final Map<String, AutoMembershipConfig> autoMembershipConfigMap;
    private final Map<String, Set<Principal>> principalMap;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AutoMembershipPrincipals(@NotNull UserManager userManager, @NotNull Map<String, String[]> map, @NotNull Map<String, AutoMembershipConfig> map2) {
        this.userManager = userManager;
        this.autoMembershipMapping = map;
        this.autoMembershipConfigMap = map2;
        this.principalMap = new ConcurrentHashMap(map.size());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Set<String> getConfiguredIdpNames(@NotNull Principal principal) {
        if (this.principalMap.isEmpty() && !this.autoMembershipMapping.isEmpty()) {
            Iterator<String> it = this.autoMembershipMapping.keySet().iterator();
            while (it.hasNext()) {
                collectGlobalAutoMembershipPrincipals(it.next());
            }
        }
        String name = principal.getName();
        HashSet hashSet = new HashSet(this.principalMap.size());
        this.principalMap.forEach((str, set) -> {
            if (set.stream().anyMatch(principal2 -> {
                return name.equals(principal2.getName());
            })) {
                hashSet.add(str);
            }
        });
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public Iterator<Authorizable> getMembersFromAutoMembershipConfig(@NotNull Group group) {
        ArrayList arrayList = new ArrayList();
        this.autoMembershipConfigMap.values().forEach(autoMembershipConfig -> {
            arrayList.add(autoMembershipConfig.getAutoMembers(this.userManager, group));
        });
        return Iterators.concat(arrayList.iterator());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isMember(@NotNull String str, @NotNull String str2, @NotNull Authorizable authorizable) {
        String[] strArr = this.autoMembershipMapping.get(str);
        if (strArr != null) {
            for (String str3 : strArr) {
                if (str2.equals(str3)) {
                    return true;
                }
            }
        }
        AutoMembershipConfig autoMembershipConfig = this.autoMembershipConfigMap.get(str);
        if (autoMembershipConfig != null) {
            return autoMembershipConfig.getAutoMembership(authorizable).contains(str2);
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isInheritedMember(@NotNull String str, @NotNull Group group, @NotNull Authorizable authorizable) throws RepositoryException {
        if (isMember(str, group.getID(), authorizable)) {
            return true;
        }
        UnmodifiableIterator filter = Iterators.filter(group.getDeclaredMembers(), (v0) -> {
            return v0.isGroup();
        });
        while (filter.hasNext()) {
            if (isInheritedMember(str, (Group) filter.next(), authorizable)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public Map<Principal, Group> getAutoMembership(@NotNull String str, @NotNull Authorizable authorizable, boolean z) {
        Map<Principal, Group> collectGlobalAutoMembershipPrincipals = collectGlobalAutoMembershipPrincipals(str);
        if (z) {
            for (Group group : (Group[]) collectGlobalAutoMembershipPrincipals.values().toArray(new Group[0])) {
                collectInheritedPrincipals(group, collectGlobalAutoMembershipPrincipals);
            }
        }
        AutoMembershipConfig autoMembershipConfig = this.autoMembershipConfigMap.get(str);
        if (autoMembershipConfig != null) {
            autoMembershipConfig.getAutoMembership(authorizable).forEach(str2 -> {
                addVerifiedPrincipal(str2, collectGlobalAutoMembershipPrincipals, z);
            });
        }
        return collectGlobalAutoMembershipPrincipals;
    }

    private Map<Principal, Group> collectGlobalAutoMembershipPrincipals(@NotNull String str) {
        HashMap newHashMap = Maps.newHashMap();
        if (this.principalMap.containsKey(str)) {
            this.principalMap.get(str).forEach(principal -> {
                Group retrieveGroup = retrieveGroup(principal);
                if (retrieveGroup != null) {
                    newHashMap.put(principal, retrieveGroup);
                }
            });
        } else {
            String[] strArr = this.autoMembershipMapping.get(str);
            if (strArr != null) {
                for (String str2 : strArr) {
                    addVerifiedPrincipal(str2, newHashMap, false);
                }
            }
            this.principalMap.put(str, ImmutableSet.copyOf(newHashMap.keySet()));
        }
        return newHashMap;
    }

    private static void collectInheritedPrincipals(@NotNull Group group, @NotNull Map<Principal, Group> map) {
        try {
            Iterator memberOf = group.memberOf();
            while (memberOf.hasNext()) {
                Group group2 = (Group) memberOf.next();
                Principal verifiedPrincipal = getVerifiedPrincipal(group2);
                if (verifiedPrincipal != null) {
                    map.put(verifiedPrincipal, group2);
                }
            }
        } catch (RepositoryException e) {
            log.warn("Error while resolving inherited auto-membership", e);
        }
    }

    private void addVerifiedPrincipal(@NotNull String str, @NotNull Map<Principal, Group> map, boolean z) {
        try {
            Authorizable authorizable = this.userManager.getAuthorizable(str);
            if (authorizable == null || !authorizable.isGroup()) {
                log.warn("Configured auto-membership group {} does not exist -> Ignoring", str);
                return;
            }
            Group group = (Group) authorizable;
            Principal verifiedPrincipal = getVerifiedPrincipal(group);
            if (verifiedPrincipal != null) {
                map.put(verifiedPrincipal, group);
                if (z) {
                    collectInheritedPrincipals(group, map);
                }
            }
        } catch (RepositoryException e) {
            log.debug("Failed to retrieved 'auto-membership' group with id {}", str, e);
        }
    }

    @Nullable
    private static Principal getVerifiedPrincipal(@NotNull Group group) throws RepositoryException {
        Principal principal = group.getPrincipal();
        if (GroupPrincipals.isGroup(principal)) {
            return principal;
        }
        log.warn("Principal of group {} is not of group type -> Ignoring", group.getID());
        return null;
    }

    @Nullable
    private Group retrieveGroup(@NotNull Principal principal) {
        try {
            Group authorizable = this.userManager.getAuthorizable(principal);
            if (authorizable != null && authorizable.isGroup()) {
                return authorizable;
            }
            log.warn("Cannot retrieve group from principal {} -> Ignoring", principal);
            return null;
        } catch (RepositoryException e) {
            log.debug("Failed to retrieved 'auto-membership' group for principal {}", principal.getName(), e);
            return null;
        }
    }
}
